Merge branch 'hotfix/1.8.28'

Author: bnu

classes/context/Context.class.php

@@ -1403,6 +1403,10 @@ function _filterRequestVar($key, $val, $do_stripslashes = 1)
 			{
 				$result[$k] = urlencode($v);
 			}
+			elseif(stripos($key, 'XE_VALIDATOR', 0) === 0)
+			{
+				unset($result[$k]);
+			}
 			else
 			{
 				$result[$k] = $v;

modules/autoinstall/autoinstall.admin.view.php

@@ -482,6 +482,7 @@ function dispAutoinstallAdminIndex()
 
 		$security = new Security();
 		$security->encodeHTML('package.', 'package.depends..', 'item_list..');
+		$security->encodeHTML('search_target', 'search_keyword');
 	}
 
 	/**

modules/comment/comment.admin.view.php

@@ -91,6 +91,9 @@ function dispCommentAdminList()
 		}
 		Context::set('module_list', $module_list);
 
+		$security = new Security();
+		$security->encodeHTML('search_target', 'search_keyword');
+
 		// set the template 
 		$this->setTemplatePath($this->module_path . 'tpl');
 		$this->setTemplateFile('comment_list');

modules/document/document.admin.view.php

@@ -96,6 +96,9 @@ function dispDocumentAdminList()
 		}
 		Context::set('module_list', $module_list);
 
+		$security = new Security();
+		$security->encodeHTML('search_target', 'search_keyword');
+
 		// Specify a template
 		$this->setTemplatePath($this->module_path.'tpl');
 		$this->setTemplateFile('document_list');

modules/file/file.admin.view.php

@@ -202,6 +202,7 @@ function dispFileAdminList()
 		$security = new Security();
 		$security->encodeHTML('file_list..');
 		$security->encodeHTML('module_list..');
+		$security->encodeHTML('search_target', 'search_keyword');
 
 		$this->setTemplatePath($this->module_path.'tpl');
 		$this->setTemplateFile('file_list');

modules/member/member.admin.view.php

@@ -118,6 +118,7 @@ function dispMemberAdminList()
 
 		$security = new Security();
 		$security->encodeHTML('member_list..user_name', 'member_list..nick_name', 'member_list..group_list..');
+		$security->encodeHTML('search_target', 'search_keyword');
 
 		$this->setTemplateFile('member_list');
 	}

modules/member/member.controller.php

@@ -1469,9 +1469,8 @@ function putSignature($member_srl, $signature)
 	{
 		$signature = trim(removeHackTag($signature));
 		$signature = preg_replace('/<(\/?)(embed|object|param)/is', '&lt;$1$2', $signature);
-		$signature = removeHackTag($signature);
 
-		$check_signature = trim(str_replace(array('&nbsp;',"\n","\r"),'',strip_tags($signature,'<img><object>')));
+		$check_signature = trim(str_replace(array('&nbsp;',"\n","\r"), '', strip_tags($signature, '<img><object>')));
 		$path = sprintf('files/member_extra_info/signature/%s/', getNumberingPath($member_srl));
 		$filename = sprintf('%s%d.signature.php', $path, $member_srl);
 

modules/member/member.model.php

@@ -1005,8 +1005,8 @@ function getSignature($member_srl)
 			if(file_exists($filename))
 			{
 				$buff = FileHandler::readFile($filename);
-				$signature = preg_replace('/<\?.*\?>/', '', $buff);
-				$GLOBALS['__member_info__']['signature'][$member_srl] = removeHackTag($signature);
+				$signature = preg_replace('/<\?.*?\?>/', '', $buff);
+				$GLOBALS['__member_info__']['signature'][$member_srl] = $signature;
 			}
 			else $GLOBALS['__member_info__']['signature'][$member_srl] = null;
 		}

modules/menu/menu.admin.controller.php

@@ -1979,20 +1979,23 @@ function getPhpCacheCode($source_node, $tree, $site_srl, $domain)
 			// Get data from child nodes if exist.
 			if($menu_item_srl&&$tree[$menu_item_srl]) $child_output = $this->getPhpCacheCode($tree[$menu_item_srl], $tree, $site_srl, $domain);
 			else $child_output = array("buff"=>"", "url_list"=>array());
+
 			// List variables
 			$names = $oMenuAdminModel->getMenuItemNames($node->name, $site_srl);
 			unset($name_arr_str);
 			foreach($names as $key => $val)
 			{
-				$name_arr_str .= sprintf('"%s"=>"%s",',$key, str_replace(array('\\','"'),array('\\\\','"'),$val));
+				$name_arr_str .= sprintf('"%s"=>\'%s\',', $key, str_replace(array('\\','\''), array('\\\\','\\\''), strip_tags($val)));
 			}
 			$name_str = sprintf('$_menu_names[%d] = array(%s); %s', $node->menu_item_srl, $name_arr_str, $child_output['name']);
+
 			// If url value is not empty in the current node, put the value into an array url_list
 			if($node->url) $child_output['url_list'][] = $node->url;
 			$output['url_list'] = array_merge($output['url_list'], $child_output['url_list']);
 			// If node->group_srls value exists
 			if($node->group_srls)$group_check_code = sprintf('($is_admin==true||(is_array($group_srls)&&count(array_intersect($group_srls, array(%s))))||($is_logged && %s))',$node->group_srls,$node->group_srls == -1?1:0);
 			else $group_check_code = "true";
+
 			// List variables
 			$href = str_replace(array('&','"','<','>'),array('&amp;','&quot;','&lt;','&gt;'),$node->href);
 			$url = str_replace(array('&','"','<','>'),array('&amp;','&quot;','&lt;','&gt;'),$node->url);
@@ -2046,10 +2049,10 @@ function getPhpCacheCode($source_node, $tree, $site_srl, $domain)
 			}
 			// Create properties (check if it belongs to the menu node by url_list. It looks a trick but fast and powerful)
 			$attribute = sprintf(
-				'"node_srl"=>"%s","parent_srl"=>"%s","menu_name_key"=>\'%s\',"isShow"=>(%s?true:false),"text"=>(%s?$_menu_names[%d][$lang_type]:""),"href"=>(%s?%s:""),"url"=>(%s?"%s":""),"is_shortcut"=>"%s","desc"=>\'%s\',"open_window"=>"%s","normal_btn"=>"%s","hover_btn"=>"%s","active_btn"=>"%s","selected"=>(array(%s)&&in_array(Context::get("mid"),array(%s))?1:0),"expand"=>"%s", "list"=>array(%s),  "link"=>(%s? ( array(%s)&&in_array(Context::get("mid"),array(%s)) ?%s:%s):""),',
+				'"node_srl" => %d, "parent_srl" => %d, "menu_name_key" => \'%s\', "isShow" => (%s ? true : false), "text" => (%s ? $_menu_names[%d][$lang_type] : ""), "href" => (%s ? %s : ""), "url" => (%s ? "%s" : ""), "is_shortcut" => "%s", "desc" => \'%s\', "open_window" => "%s", "normal_btn" => "%s", "hover_btn" => "%s", "active_btn" => "%s", "selected" => (array(%s) && in_array(Context::get("mid"), array(%s)) ? 1 : 0), "expand" => \'%s\', "list" => array(%s), "link" => (%s ? (array(%s) && in_array(Context::get("mid"), array(%s)) ? %s : %s) : ""),',
 				$node->menu_item_srl,
 				$node->parent_srl,
-				addslashes($node->name),
+				strip_tags(addslashes($node->name)),
 				$group_check_code,
 				$group_check_code,
 				$node->menu_item_srl,

modules/point/point.admin.view.php

@@ -114,9 +114,10 @@ function dispPointAdminPointList()
 		$this->group_list = $oMemberModel->getGroups();
 		Context::set('group_list', $this->group_list);
 		//Security
-		$security = new Security();			
+		$security = new Security();
 		$security->encodeHTML('group_list..title','group_list..description');
 		$security->encodeHTML('member_list..');
+		$security->encodeHTML('search_target', 'search_keyword');
 
 		// Set the template
 		$this->setTemplateFile('member_list');

modules/poll/poll.admin.view.php

@@ -92,6 +92,8 @@ function dispPollAdminList()
 
 		$security = new Security();
 		$security->encodeHTML('poll_list..title', 'poll_list..nick_name');
+		$security->encodeHTML('search_target', 'search_keyword');
+
 		// Set a template
 		$this->setTemplatePath($this->module_path.'tpl');
 		$this->setTemplateFile('poll_list');